Assessing e-Government DNS Resilience

Sommese, Raffaele; Jonker, Mattijs; Ham, Jeroen van der; Moura, Giovane C. M.

doi:10.23919/cnsm55787.2022.9965155

Cited by 5 publications

(3 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We analyze the DNS structuring of e-government domain names used by four countries (The Netherlands, Sweden, Switzerland, and the United States) and show the adoption of best practices (RQ-4), inter-country differences, and provide recommendations to improve DNS robustness. This study was conducted in early 2022 and was published in an academic conference [35].…”

Section: Discussionmentioning

confidence: 99%

“…Moura. "Assessing e-Government DNS Resilience", in Proceedings of the International Conference on Network and Service Management, 2022 [35].…”

Section: Organisation and Key Contributions 13mentioning

confidence: 99%

“…The Knowledge-Sharing and Instantiating Norms for DNS and Naming Security (KINDNS) initiative proposed by ICANN aims to codify best practices into global norms for improved security. In a recent study [35], we identify challenges related to the measurability of ICANN's proposed practices. While some overlap with practices discussed extensively in this thesis in chapters 5, 7, and 8, several were found to be either not measurable or to have strong ethical implications in their measurability.…”

Section: Kindns Observabilitymentioning

confidence: 99%

See 2 more Smart Citations

Everything in its right place: Improving DNS resilience

Sommese¹

View full text Add to dashboard Cite

In 2023, the Domain Name System (DNS) will celebrate 40 years since its creation. Despite the passing of four decades, the DNS continues to play a fundamental role in today's Internet. Specifically, the DNS provides the essential service of translating human-readable domain names (e.g., example.org) to IP addresses (e.g., 93.184.216.34).Over the years, the Internet has become increasingly vital to our modern society. The continuous flow of information that takes place on the Internet every day cannot be stopped without catastrophic consequences. In addition, services of crucial importance for people's everyday lives, such as government services, are increasingly transitioning to digital infrastructure. Given the importance of the DNS for the functioning of the Internet and modern society, any issues that the DNS encounters nowadays would have far-reaching consequences. However, over the past 40 years, weaknesses in the DNS system have emerged. One of the most significant cybersecurity threats facing the DNS today are Distributed Denial of Service (DDoS) attacks, which can have a severe impact on the availability of the DNS ecosystem. Recent events show that targeted attacks on even a small portion of the DNS infrastructure can impact millions of services and users.In this scenario, a comprehensive characterization of the resilience mechanisms of the DNS authoritative infrastructure, along with an analysis of threats against this resilience, is missing. This gap has led us to the main goal and contribution of this thesis. To achieve this goal, we use a mixed measurement and analytical approach, which has focused on different detractors of DNS resilience. Specifically, throughout the course of this thesis, we analyze misconfigurations and vulnerabilities resulting from miscommunication between operators, assess the choices made by these operators in creating more robust and stable deployments in the face of existing best practices, and evaluate the effectiveness of the deployed techniques in overcoming DDoS attacks.Focusing on our contributions, we show that while the distributed nature of the DNS has enabled its scalability and success, it also presents risks to its resilience. Inconsistency in the DNS hierarchy resulting from miscommunications between stakeholders increases the attack surface and affects resilience, enabling lame delegations and hijacking with potentially severe consequences. SommarioIl 2023 segna il quarantenario dalla creazione del Sistema di Risoluzione Nomi a Dominio, conosciuto come DNS. Nel corso del tempo, il DNS ha sempre svolto un ruolo fondamentale nell'ecosistema di Internet: possiamo considerarlo come un elenco telefonico, in quanto il DNS traduce nomi di dominio facili da ricordare in indirizzi IP (similarmente alle nostre pagine gialle per i numeri di telefono). Negli anni, Internet ha assunto sempre più importanza e i suoi quarant'anni iniziano a pesare sul DNS. Ogni giorno, infatti, assistiamo ad un flusso costante di informazioni che scorrono sulle autostrade digitali e che non p...

show abstract

Section: Discussionmentioning

confidence: 99%

“…Moura. "Assessing e-Government DNS Resilience", in Proceedings of the International Conference on Network and Service Management, 2022 [35].…”

Section: Organisation and Key Contributions 13mentioning

confidence: 99%

Section: Kindns Observabilitymentioning

confidence: 99%

See 1 more Smart Citation

Everything in its right place: Improving DNS resilience

Sommese¹

View full text Add to dashboard Cite

show abstract

The Role of Network Centralization in Shaping Digital Sovereignty: An Analysis Under the DNS Lens

Azevedo,

Scheid,

Franco

et al. 2024

Int J Network Mgmt

View full text Add to dashboard Cite

Centralization of Internet‐based services in a few key players has been a topic of study in recent years. One of such services, the domain name system (DNS), is one of the pillars of the Internet, which allows users to access websites on the Internet through easy‐to‐remember domain names rather than complex numeric IP addresses. In this DNS context, the reliance on a small number of large DNS providers can lead to (a) risks of data breaches and disruption of service in the event of failures and (b) concerns about the digital sovereignty of countries regarding DNS hosting. As several essential services are provided through electronic government (E‐Gov), it is highly important to be able to measure the digital sovereignty of a nation and the impacts that the lack of such feature can bring to its citizens. This work approaches the issue of DNS concentration on the Internet by presenting a solution to measure DNS hosting centralization and digital sovereignty in different countries, such as Brazil, India, China, Russia, and South Africa. With the data obtained through these measurements, relevant questions are answered, such as which are the top‐10 DNS providers, if there is DNS centralization, and how dependent countries are on such providers to manage domains using their country code top‐level domains (ccTLD). Future opportunities could investigate the impacts on sovereignty under the lens of other layers of the open systems interconnection (OSI) Network Sovereignty representation model presented in this work.

show abstract